Critical OS Vulnerabilities
Meltdown
Exploits out-of-order execution in modern processors so that an unprivileged process can read kernel memory mapped into its own address space, even though the page-table permission bits forbid it: the CPU performs the load before the permission check and the value leaks through the cache. Mitigations include kernel patches such as Kernel Page Table Isolation (KPTI), which unmaps most kernel memory while user code runs, and not running untrusted code on affected hardware.
Directory Traversal
An attack that uses path components such as ../ (or encoded forms of them) in user-supplied file names to reach files and directories outside the web root. To mitigate, avoid building file-system paths from user input where possible; where you must, canonicalize the resulting path and verify it still lies under the intended root, accept only an allow-list of expected characters or names, and rely on the framework's built-in traversal protection rather than on ad-hoc string filtering.
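The canonicalize-then-verify check recommended above, written out as an added C example that is not part of the original flashcard set. It resolves the requested path with realpath() and rejects anything that does not land under the web root; the scratch directory, the index.html file, the symlink and the function names are constructed here for illustration:

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Resolve `requested` (e.g. the path part of a URL) against `root` and refuse
 * anything that canonicalises to a location outside `root`. Returns 0 and
 * writes the canonical path to `out` on success; -1 if the path escapes the
 * root, does not exist, or is too long. */
int resolve_under_root(const char *root, const char *requested,
                       char *out, size_t outlen)
{
    char root_real[PATH_MAX], joined[PATH_MAX], target_real[PATH_MAX];

    if (realpath(root, root_real) == NULL)
        return -1;

    /* Drop leading slashes so an absolute request is still joined under root. */
    while (*requested == '/')
        requested++;

    if (snprintf(joined, sizeof joined, "%s/%s", root_real, requested)
            >= (int)sizeof joined)
        return -1;

    /* realpath() collapses "." and ".." and follows symlinks, so the prefix
     * test below sees where the path really lands, not how it was spelled.
     * Filtering "../" textually would miss encoded or symlinked variants. */
    if (realpath(joined, target_real) == NULL)
        return -1;

    size_t rl = strlen(root_real);
    /* Require root followed by '/' (or an exact match) so that a root of
     * "/srv/www" does not accept "/srv/wwwroot/secret". */
    if (strncmp(target_real, root_real, rl) != 0 ||
        (target_real[rl] != '/' && target_real[rl] != '\0'))
        return -1;

    size_t tl = strlen(target_real);
    if (tl >= outlen)
        return -1;
    memcpy(out, target_real, tl + 1);
    return 0;
}

/* Build a scratch web root (constructed for this example) holding one page
 * and one attacker-planted symlink to "/", then issue the requests a
 * traversal attack would send. Returns a bit mask: bit 0 if the honest
 * request was accepted, bit 1 if the "../" escape was rejected, bit 2 if
 * the path through the symlink was rejected; -1 on setup failure. */
int demo_traversal_checks(void)
{
    char root[] = "/tmp/webroot.XXXXXX";
    if (mkdtemp(root) == NULL)
        return -1;

    char page[PATH_MAX], link[PATH_MAX], out[PATH_MAX];
    snprintf(page, sizeof page, "%s/index.html", root);
    snprintf(link, sizeof link, "%s/escape", root);

    int fd = open(page, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    if (symlink("/", link) != 0)
        return -1;

    int mask = 0;
    if (resolve_under_root(root, "index.html", out, sizeof out) == 0)
        mask |= 1;
    if (resolve_under_root(root, "../../etc/passwd", out, sizeof out) != 0)
        mask |= 2;
    if (resolve_under_root(root, "escape/etc/hostname", out, sizeof out) != 0)
        mask |= 4;

    unlink(link);
    unlink(page);
    rmdir(root);
    return mask;
}

int main(void)
{
    printf("traversal checks mask: %d (7 = all as expected)\n",
           demo_traversal_checks());
    return 0;
}
```

Because realpath() needs the target to exist, this check suits serving existing files; for a path that is about to be created, canonicalize the parent directory the same way and create the file inside it with openat().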
Rootkits
A set of software tools, often loaded as a kernel module or below the operating system, that gives an unauthorized user persistent control of a system while hiding its processes, files and network activity from normal monitoring. Mitigations include anti-rootkit scanners, Secure Boot and kernel module signing so that unsigned code cannot load early, strong authentication to deny the initial privileged access, and regular integrity checks of system files and boot components.
Buffer Overflow
Occurs when a program writes more data to a buffer than it was sized to hold, overwriting adjacent memory such as neighbouring variables, heap metadata or a saved return address. Mitigations include bounds checking on every copy, languages that enforce memory safety, stack canaries, non-executable stacks (NX/DEP) and Address Space Layout Randomization (ASLR).
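An added C example, not from the original set, of the defect and its bounds-checked replacement. The struct layout, the 19-byte attack string and the function names are constructed for illustration:

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* A session record (constructed layout): the name buffer sits directly
 * before a privilege flag, so a name longer than 15 bytes spills into it. */
struct session {
    char name[NAME_LEN];
    int  is_admin;
};

/* VULNERABLE: strcpy() copies until it finds a NUL in `src` and has no idea
 * how big `dst` is. Input longer than the buffer overwrites whatever follows:
 * here the flag, on a stack frame typically the saved return address. */
void set_name_unchecked(struct session *s, const char *src)
{
    strcpy(s->name, src);
}

/* HARDENED: measure the input against the buffer first and refuse it, rather
 * than truncate silently or overflow. Returns 0 on success, -1 if `src` does
 * not fit together with its terminating NUL. */
int set_name_checked(struct session *s, const char *src)
{
    size_t n = strnlen(src, NAME_LEN);   /* never reads past NAME_LEN bytes */
    if (n >= NAME_LEN)
        return -1;
    memcpy(s->name, src, n + 1);
    return 0;
}

/* 19 'A's: 16 fill the name, 3 plus the NUL land in is_admin. Undefined
 * behaviour in the language; on a typical build the flag becomes 0x00414141. */
static const char *attack = "AAAAAAAAAAAAAAAAAAA";

/* Returns 1 if the hardened setter refused the attack string and left the
 * privilege flag untouched. */
int demo_checked_setter_holds(void)
{
    struct session s = { "", 0 };
    return set_name_checked(&s, attack) == -1 && s.is_admin == 0;
}

/* Returns 1 if the hardened setter still stores an ordinary name intact. */
int demo_checked_setter_accepts(void)
{
    struct session s = { "", 0 };
    return set_name_checked(&s, "alice") == 0 && strcmp(s.name, "alice") == 0;
}

int main(void)
{
    struct session a = { "", 0 };
    set_name_unchecked(&a, attack);
    printf("unchecked: is_admin = %d\n", a.is_admin != 0);

    struct session b = { "", 0 };
    int rc = set_name_checked(&b, attack);
    printf("checked:   rc = %d, is_admin = %d\n", rc, b.is_admin);
    return 0;
}
```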
Heap Corruption
Occurs when a program writes outside the bounds of a heap allocation, or through a stale or double-freed pointer, damaging neighbouring objects or the allocator's own metadata; the result ranges from a crash to an attacker-controlled write. Mitigations include memory-safe languages, hardened allocators with heap canaries and metadata checks, and disciplined ownership of every allocation (one clear owner that frees it exactly once).
Use-After-Free
When a program dereferences a pointer after the memory it points to has been freed; if the allocator has since reused that memory, the program now reads or writes attacker-influenced data, which can lead to code execution or a crash. Mitigations include setting pointers to NULL immediately after free, using tools such as AddressSanitizer to catch stale references during testing, and avoiding manual memory management where possible.
Heartbleed
A flaw in the OpenSSL cryptography library, a widely used implementation of the Transport Layer Security (TLS) protocol: a missing bounds check in the TLS heartbeat extension let either peer request up to 64 KB of the other side's process memory per heartbeat, exposing private keys, session cookies and passwords. Mitigation involves updating to a fixed version of OpenSSL, then revoking and reissuing certificates and keys that may have been exposed, and resetting credentials that passed through the vulnerable server.
Rowhammer
An attack that exploits electrical interference between physically adjacent DRAM rows: repeatedly accessing one row causes charge to leak from its neighbours, flipping bits the attacker never had permission to write, for example in page tables. Mitigations include memory with error-correcting code (ECC), which corrects single-bit flips and raises the bar for the attack, hardware that refreshes heavily accessed rows more often, and security patches from hardware vendors.
Remote Code Execution (RCE)
When an attacker can make a remote system run code of their choosing, usually by feeding crafted input to a network-facing service. Mitigations include disabling unnecessary services, firewalling those that must remain exposed, running services with minimal privileges, and keeping software up to date.
Cross-Site Scripting (XSS)
Occurs when an attacker injects script into pages served by an otherwise trusted website, so the script runs in victims' browsers under that site's origin and can steal session cookies or act as the user. Mitigations include encoding output for the context it is inserted into (HTML body, attribute, JavaScript, URL), a Content Security Policy, validating user input, and templating or anti-XSS libraries that escape by default.
Time-of-Check to Time-of-Use (TOCTOU)
A race condition where a resource's state can change between the moment a program checks it and the moment it uses it, so the check no longer applies to the object actually being used. Mitigations involve atomic operations, file locking, operating on an open file descriptor instead of a path name, and minimizing the window between check and use.
Stack Clash
A form of attack that grows the stack (for example through a large alloca() or variable-length array) until it jumps over the guard page and collides with another memory region such as the heap, so that stack and heap data overlap and can corrupt each other. Mitigation strategies include a larger stack guard gap, compiling with stack-clash protection so the program touches every page as it extends the stack, and stack-smashing protection (canaries).
Symlink Race
Occurs when an attacker creates or swaps in a symbolic link between the time a privileged program checks a path and the time it opens it, redirecting the operation to a file of the attacker's choosing. Mitigations include opening with O_NOFOLLOW and creating with O_EXCL, generating temporary files with unpredictable names via mkstemp(), enabling fs.protected_symlinks on Linux, and privilege separation so that the code touching user-controlled directories holds as little privilege as possible.
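Both the TOCTOU card and the symlink race card describe the same check-then-open pattern; the following added C example (not part of the original set) shows the racy access()/open() pair next to an open-then-fstat() version that refuses symlinks and validates the object it actually opened. The scratch directory, file names and expected owner are constructed for the demo:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* VULNERABLE: check and use both name the file by path. Between access()
 * returning and open() running, an attacker who controls the directory can
 * replace `path` with a symlink to any file the program may write, and the
 * open() follows it. */
int open_for_write_racy(const char *path)
{
    if (access(path, W_OK) != 0)
        return -1;
    return open(path, O_WRONLY);
}

/* HARDENED: open first, refusing to follow a symlink at the final component,
 * then validate the object actually opened through the descriptor. Later
 * reads and writes go through `fd`, which a rename cannot redirect. */
int open_for_write_checked(const char *path, uid_t expected_owner)
{
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != expected_owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Stage the symlink case in a scratch directory (constructed for this
 * example): a link planted where the program expects "report.txt" is followed
 * by the racy opener and refused by the checked one. Returns 1 when that is
 * what happened, 0 otherwise, -1 on setup failure. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/toctou.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;

    char victim[PATH_MAX], link[PATH_MAX];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/report.txt", dir);

    /* The file the attacker wants the program to write into. */
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0)
        return -1;
    close(v);
    if (symlink(victim, link) != 0)     /* attacker plants the link */
        return -1;

    int racy = open_for_write_racy(link);              /* succeeds: writes would land in victim */
    int safe = open_for_write_checked(link, getuid()); /* fails with ELOOP */
    int result = (racy >= 0 && safe < 0);
    if (racy >= 0)
        close(racy);
    if (safe >= 0)
        close(safe);

    unlink(link);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("symlink rejected by hardened opener: %d\n", demo_symlink_rejected());
    return 0;
}
```

O_NOFOLLOW covers only the final path component; if an attacker can rename a parent directory, open the trusted directory once, keep its descriptor, and reach files with openat() relative to it. For temporary files, create them with O_CREAT | O_EXCL (mkstemp() does this) so an existing link is never reused.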
Insecure Direct Object References (IDOR)
Occurs when an application exposes a reference to an internal object (a database key, file name or account number) and fetches whatever the user-supplied value names without checking that the caller is authorized to access that particular object. Mitigations include enforcing an access control check on every object access, and using indirect or per-user references so internal identifiers are never exposed to users.
Integer Overflow
Occurs when an arithmetic operation produces a value outside the range representable in the given number of bits; unsigned values wrap around silently and signed overflow is undefined in C, so a length check can pass on a wrapped value and an allocation can come out far smaller than intended. Mitigations involve overflow-checked arithmetic (compiler builtins or safe math libraries), validating all inputs against explicit bounds before they enter a size calculation, and using wider types where appropriate.
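An added C example, not from the original set, of the two places integer wrap-around usually bites: a size computation that feeds malloc() and a bounds check that adds an offset to a length. The function names and sample values are assumptions made for illustration; __builtin_mul_overflow is the GCC/Clang builtin:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* VULNERABLE: `count * size` silently wraps for unsigned operands. With
 * count = SIZE_MAX/2 + 2 and size = 2 the product is 2, so malloc() hands
 * back a 2-byte block while the caller believes it holds billions of
 * elements; the first element written past byte 2 is a heap overflow. */
void *alloc_array_unchecked(size_t count, size_t size)
{
    return malloc(count * size);
}

/* HARDENED: compute the product with overflow detection and refuse the
 * request when the true value does not fit in size_t. */
void *alloc_array_checked(size_t count, size_t size)
{
    size_t bytes;
    if (__builtin_mul_overflow(count, size, &bytes))
        return NULL;
    return malloc(bytes);
}

/* The same mistake in a bounds check: `offset + len` can wrap so that an
 * enormous `len` appears to fit. Returns 1 if the read looks in-bounds. */
int range_ok_unchecked(size_t offset, size_t len, size_t bufsize)
{
    return offset + len <= bufsize;
}

/* Rearranged so that no intermediate can overflow: the subtraction is
 * guarded by the comparison that keeps it non-negative. */
int range_ok_checked(size_t offset, size_t len, size_t bufsize)
{
    return offset <= bufsize && len <= bufsize - offset;
}

/* The observable effect of the wrap: the byte count the unchecked allocator
 * would actually request. */
size_t wrapped_byte_count(size_t count, size_t size)
{
    return count * size;
}

/* Returns 1 if the checked allocator still serves a sane request. */
int demo_checked_alloc_serves_sane(void)
{
    void *p = alloc_array_checked(100, sizeof(int));
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}

int main(void)
{
    printf("wrapped request: %zu bytes\n", wrapped_byte_count(SIZE_MAX / 2 + 2, 2));
    printf("checked alloc refused: %d\n", alloc_array_checked(SIZE_MAX / 2 + 2, 2) == NULL);
    printf("range 16+%zu in 64, unchecked: %d checked: %d\n", SIZE_MAX - 8,
           range_ok_unchecked(16, SIZE_MAX - 8, 64), range_ok_checked(16, SIZE_MAX - 8, 64));
    return 0;
}
```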
KRACK (Key Reinstallation Attacks)
A key reinstallation attack on the WPA2 four-way handshake that secures Wi-Fi connections: by replaying handshake messages the attacker tricks a client into reinstalling an already-used key, which resets the packet nonce and lets the attacker replay, decrypt and in some cases forge frames. Mitigations include installing firmware and operating-system patches provided by device manufacturers and using an additional encrypted channel over Wi-Fi, such as a VPN or TLS.
Spectre
A vulnerability that tricks a processor's speculative execution into accessing memory the program would never legitimately reach (for instance by training a branch predictor to run past a bounds check) and then leaks the speculatively loaded data through a cache side channel. Mitigations include microcode and operating-system patches from hardware and software vendors, and recompiling software with compilers that insert speculation barriers or retpolines around the affected code.
Privilege Escalation
Occurs when a user or process obtains privileges they are not entitled to, typically by exploiting a flaw in a privileged program, a kernel bug, or a misconfiguration such as an overly permissive setuid binary. Mitigations include prompt patching, the principle of least privilege, and restricting the kernel interface with system call filtering (for example seccomp).
SQL Injection
An attack in which untrusted client input is concatenated into an SQL statement, so the input is interpreted as part of the query and can read, modify or delete data the application never meant to expose. Mitigations include prepared statements with bound parameters (the primary defence), stored procedures that do not themselves build dynamic SQL, input validation against an allow-list, and running the application with a least-privilege database account.
Side-Channel Attack
Any attack based on information leaked by the physical implementation of a system rather than by a flaw in the algorithm itself: timing, cache state, power consumption or electromagnetic emissions. Mitigations include constant-time implementations whose execution time and memory access pattern do not depend on secret data, and avoiding secret-indexed table lookups that leave a footprint in the cache.
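The constant-time comparison the card calls for, as an added C example that is not from the original set: a memcmp()-based tag check whose timing leaks the length of the matching prefix, beside a version that inspects every byte regardless of where the first difference is. The 16-byte tag and the function names are constructed sample data:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* LEAKY: memcmp() returns as soon as it sees a differing byte, so the time a
 * request takes reveals how many leading bytes of `guess` were right. An
 * attacker who can time many attempts recovers a MAC or API token one byte
 * at a time. */
int tag_matches_leaky(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    return memcmp(secret, guess, n) == 0;
}

/* CONSTANT-TIME: touch every byte, accumulate differences with XOR/OR, and
 * never branch on secret-dependent data. Run time depends only on `n`. */
int tag_matches_ct(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    volatile uint8_t diff = 0;   /* volatile discourages early-exit rewrites */
    for (size_t i = 0; i < n; i++)
        diff |= secret[i] ^ guess[i];

    /* Collapse to 1 (equal) or 0 (different) arithmetically instead of with
     * `diff == 0`, which a compiler may turn into a branch: (d - 1) >> 8 is
     * all ones only when d was 0. */
    uint32_t d = diff;
    return (int)(((d - 1) >> 8) & 1);
}

/* Exercise both comparisons on a constructed 16-byte tag and a guess that
 * differs only in the last byte, the case where the leaky version runs
 * longest. Returns 1 if both reject the bad guess and the constant-time
 * version accepts the exact tag. */
int demo_compare_agrees(void)
{
    const uint8_t secret[16] = { 0x7e,0x13,0xa9,0x40,0x5c,0x02,0xd1,0x88,
                                 0x3f,0xe4,0x61,0x9b,0x27,0xc5,0x0a,0xf0 };
    uint8_t guess[16];
    memcpy(guess, secret, sizeof guess);
    guess[15] ^= 0x01;

    int leaky = tag_matches_leaky(secret, guess, sizeof guess);
    int ct    = tag_matches_ct(secret, guess, sizeof guess);
    int eq    = tag_matches_ct(secret, secret, sizeof guess);
    return leaky == 0 && ct == 0 && eq == 1;
}

int main(void)
{
    printf("both comparisons agree on the sample tag: %d\n", demo_compare_agrees());
    return 0;
}
```

C gives no guarantee of constant-time code generation, so check the compiled output or use a routine maintained for the purpose (OpenSSL's CRYPTO_memcmp, for example). The same discipline applies to memory access: the loop above indexes only by the public counter `i`, never by a secret byte, so it leaves no secret-dependent cache footprint.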
Denial of Service (DoS)
An attack intended to make a machine or network unavailable to its intended users by exhausting bandwidth, connections, memory or CPU. Mitigations include a robust, redundant network architecture, rate limiting, and filtering or scrubbing malicious traffic upstream of the target.
Phishing
A social-engineering technique for fraudulently obtaining credentials or other private information by impersonating a trusted party, typically through email or a look-alike website. Mitigations involve user education, spam and URL filtering, and phishing-resistant authentication such as hardware security keys, so that a stolen password alone is not enough.
Race Condition
A flaw that occurs when a system's behavior depends on the relative timing of events the program does not control, such as two threads updating shared state without synchronization. Mitigations involve mutexes, semaphores and other locking primitives, atomic operations, and designs in which threads or processes cannot interfere with each other's state.
Man-in-the-Middle Attack
Occurs when an attacker secretly relays, and possibly alters, the communication between two parties who believe they are talking directly to each other. Mitigations include encrypted and authenticated connections (TLS with certificate validation), certificate pinning where appropriate, HSTS for web traffic, and mutual authentication.
EternalBlue
An exploit, attributed in leaked files to the U.S. National Security Agency (NSA), that targets a flaw in the SMBv1 implementation of Microsoft Windows and was used by the WannaCry and NotPetya outbreaks to spread without user interaction. Mitigation involves applying the Microsoft security update for the vulnerability (MS17-010), disabling SMBv1, and blocking SMB (TCP port 445) at the network perimeter.